Job News

Search for a job

Can Irish Employers read Employee’s Private messages at work?

Posted by Red Tree on 15/01/16 in In The News

In a case put before the European Court of Human Rights (ECHR), judges ruled that a company which had read an employee’s messages sent through Yahoo Messenger while he was at work was within its rights to do so.Judges said the employee had breached the company’s rules and that his employer had a right to check on his activities.

One interesting aspect of this case is that the Messenger account was a work one, and therefore should strictly speaking have only been used for work-related correspondence. Despite claims that a second, personal account was accessed, the judges only discussed the work account in their ruling.

The judges did note that work policies that give an employer the right to check on employee activities must also protect workers against unfettered snooping.

The judges, sitting in the ECHR in Strasbourg, handed down their decision on Tuesday. It binds all countries that have ratified the European Convention on Human Rights, which includes Ireland.

The worker, an engineer in Romania, had hoped the court would rule that his employer had breached his right to confidential correspondence when it accessed his messages and subsequently sacked him in 2007.

“Workers do not abandon their right to privacy and data protection every morning at the doors of the workplace” – so says the EU Working Party set up to consider the processing of personal data in an employment context.

There has been much hype over the course of the last few days about the European Court of Human Rights (“ECHR”) decision in the Barbulescu case. The word on the street this week is that employers now have carte blanche to go and snoop around their employees’ email accounts. However, a word of caution to employers – this is absolutely not the case!

The ECHR’s decision does not give or offer unlimited justification for employers to access, monitor, review or generally snoop around their employees’ use of computers, emails or indeed internet access and the decision is very specific to its facts.

The Facts:

Mr. Barbulescu was asked, by his employer, to set up a Yahoo Messenger account for the purpose of communicating with clients and contacts. Mr. Barbulescu did as he was asked and went on to use the Yahoo Messenger account for its intended purpose.

Mr. Barbulescu’s employer had in place a very clear policy which expressly stated that employees were “strictly forbidden…to use computers, photocopiers, telephones, telex and fax machines for personal purposes…”. When Mr. Barbulescu denied having used his employer’s Yahoo Messenger account for personal purposes, his employer was able to produce 42 pages of Mr. Barbulescu’s communications with his brother and fiancée.

In subsequent dismissal proceedings, Mr. Barbulescu tried to argue that his rights to personal privacy had been breached. The Romanian Courts held that his employer’s conduct had been reasonable and that the monitoring of his communications had been the only method of establishing if there had been a disciplinary breach. A view with which the ECHR agreed.

The ECHR held that Mr. Barbulescu’s employer’s actions, and specifically their monitoring of the company Yahoo Messenger account, were limited in scope and proportionate.

Tuesday’s decision of the ECHR does not change the current Irish position in relation to accessing employee communications. If an employer has a very clear policy on what an employee can and can’t do on employer devices and systems and the employee has been given that policy, an employer can access and review an employee’s use and communications but only to the extent that such access is reasonable and proportionate.

What Tuesday’s decision does is reiterate the importance of issuing clear guidelines to employees around the use and monitoring of employer devices and internet usage. The ECHR placed particular importance on the fact that the employer had a specific policy which contained a blanket ban on the use of work computers for personal purposes. This is most unusual – the reality is there are few workplaces where some element of personal use of telephones, computers, mobiles, email accounts etc is not permitted or tolerated. The ECHR also placed importance on the fact that the employer had accessed the Yahoo Messenger account in the belief that it contained only work-related messages. Thus the access was reasonable and not excessive.

Employees in Ireland, and all over Europe, are entitled to a reasonable expectation of privacy including in the workplace. This entitlement is enshrined in common law, under statute, in the Irish Constitution and in the European Convention on Human Rights. It is an expectation and a right which has been upheld time and time again.That expectation of privacy can sometimes be limited and narrowed, but only in very limited circumstances. So, our top tips to employers are:

Think about who your employees are, what they do, why they do it and what equipment/access to systems they need to do it

Think about whether it is actually practical or workable to try to prevent employees from using any employer devices or systems for personal purposes

Have a policy and spell out what you are prepared to tolerate, when, how and to what extent

Include a right to monitor usage but bear in mind that any monitoring should be reasonable, proportionate and not excessive

Only monitor when such monitoring would be considered reasonable and proportionate in all of the circumstances

Do not snoop and do not access anything which is clearly marked personal unless you have reason to do so

Make sure your employees are aware of and familiar with your policy and remind them of it regularly